Consolidated identity management system provisioning to manage access across landscapes

US 10,673,855 B2
Filed: 04/10/2018
Issued: 06/02/2020
Est. Priority Date: 04/10/2018
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable medium to store instructions, which when executed by a computer, cause the computer to perform operations comprising:

receive a request to provision an entity in one or more heterogeneous landscapes, wherein the request includes one or more sub-requests;

upon determining that the one or more heterogeneous landscapes corresponding to the one or more sub-requests are connected to a central identity management (IDM) system, provision the entity in the one or more heterogeneous landscapes via the central IDM system;

upon determining that the one or more heterogeneous landscapes corresponding to the one or more sub-requests are not connected to the central IDM system, directly provision the entity in the one or more heterogeneous landscapes;

upon determining that an IDM configuration supports immediate provisioning, receive a payload as a synchronous request for provisioning the entity, wherein the payload is built for representational state transfer (REST) application programming interface (API) call;

upon determining that the IDM configuration does not support immediate provisioning, receive a payload as an asynchronous request for provisioning the entity, wherein the payload is built for representational state transfer (REST) application programming interface (API) call;

upon determining that a response is not received from the central IDM system with a status of the one or more sub-requests, determine the status of the one or more sub-requests from the central IDM system;

upon receiving a response from the central IDM system with the status of the one or more sub-requests, update the status in an audit log;

update a workflow corresponding to provisioning the entity; and

close the request after receiving status update from the individual one or more sub-requests.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a process of consolidated identity management system provisioning to manage access across landscapes, a request is received to provision an entity in one or more heterogeneous landscapes. The request includes one or more sub-requests. Upon determining that the one or more heterogeneous landscapes corresponding to the one or more sub-request is connected to a central IDM system, the entity in the one or more heterogeneous landscapes is provisioned via the central IDM system. The status of the one or more sub-requests is determined using a push pull mechanism at the central IDM system. Upon determining that the one or more heterogeneous landscapes corresponding to the one or more sub-requests is not connected to the central IDM system, the entity is directly provisioned in the one or more heterogeneous landscapes. The request is closed after receiving the status update from the individual one or more sub-requests.

10 Citations

16 Claims

1. A non-transitory computer-readable medium to store instructions, which when executed by a computer, cause the computer to perform operations comprising:
- receive a request to provision an entity in one or more heterogeneous landscapes, wherein the request includes one or more sub-requests;
  
  upon determining that the one or more heterogeneous landscapes corresponding to the one or more sub-requests are connected to a central identity management (IDM) system, provision the entity in the one or more heterogeneous landscapes via the central IDM system;
  
  upon determining that the one or more heterogeneous landscapes corresponding to the one or more sub-requests are not connected to the central IDM system, directly provision the entity in the one or more heterogeneous landscapes;
  
  upon determining that an IDM configuration supports immediate provisioning, receive a payload as a synchronous request for provisioning the entity, wherein the payload is built for representational state transfer (REST) application programming interface (API) call;
  
  upon determining that the IDM configuration does not support immediate provisioning, receive a payload as an asynchronous request for provisioning the entity, wherein the payload is built for representational state transfer (REST) application programming interface (API) call;
  
  upon determining that a response is not received from the central IDM system with a status of the one or more sub-requests, determine the status of the one or more sub-requests from the central IDM system;
  
  upon receiving a response from the central IDM system with the status of the one or more sub-requests, update the status in an audit log;
  
  update a workflow corresponding to provisioning the entity; and
  
  close the request after receiving status update from the individual one or more sub-requests.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The computer-readable medium of claim 1, whereindetermining the status of the one or more sub-requests at the central IDM system comprises determining the status of the one or more sub-requests at the central IDM system using a push pull mechanism at the central IDM system.
  - 3. The computer-readable medium of claim 1, further comprises instructions which when executed by the computer further cause the computer to:
    - receive a new request to provision the entity in the one or more heterogeneous landscapes;
      
      upon determining that the one or more heterogeneous landscapes corresponding to the request are connected to a central IDM system, provision the entity in the one or more heterogeneous landscapes via the central IDM system; and
      
      close the request after receiving status update from the request.
  - 4. The computer-readable medium of claim 1, wherein determining whether the one or more heterogeneous landscapes corresponding to the one or more sub-requests is connected to a central IDM system depends on a connector configuration defined in the request.
  - 5. The computer-readable medium of claim 1, wherein the push pull mechanism is performed as a background job at the central IDM system.

6. A computer-implemented method of consolidated identity management system provisioning to manage access across landscapes, the method comprising:
- receiving a request to provision an entity in one or more heterogeneous landscapes, wherein the request includes one or more sub-requests;
  
  upon determining that the one or more heterogeneous landscapes corresponding to the one or more sub-requests are connected to a central identity management (IDM) system, provisioning the entity in the one or more heterogeneous landscapes via the central IDM system;
  
  upon determining that the one or more heterogeneous landscapes corresponding to the one or more sub-requests are not connected to the central IDM system, directly provisioning the entity in the one or more heterogeneous landscapes;
  
  upon determining that an IDM configuration supports immediate provisioning, receive a payload as a synchronous request for provisioning the entity, wherein the payload is built for representational state transfer (REST) application programming interface (API) call;
  
  upon determining that the IDM configuration does not support immediate provisioning, receive a payload as an asynchronous request for provisioning the entity, wherein the payload is built for representational state transfer (REST) application programming interface (API) call;
  
  upon determining that a response is not received from the central IDM system with a status of the one or more sub-requests, determine the status of the one or more sub-requests from the central IDM system;
  
  upon receiving a response from the central IDM system with the status of the one or more sub-requests, update the status in an audit log;
  
  update a workflow corresponding to provisioning the entity; and
  
  closing the request after receiving status update from the individual one or more sub-requests.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The method of claim 6, whereindetermining the status of the one or more sub-requests at the central IDM system comprises determining the status of the one or more sub-requests at the central IDM system using a push pull mechanism at the central IDM system.
  - 8. The method of claim 7, wherein the push pull mechanism is performed as a background job at the central IDM system.
  - 9. The method of claim 6, further comprising:
    - upon receiving a response from the central IDM system with the status of the one or more sub-requests, updating the status in an audit log; and
      
      updating a workflow corresponding to provisioning the entity.
  - 10. The method of claim 6, further comprising:
    - receiving a new request to provision the entity in the one or more heterogeneous landscapes;
      
      upon determining that the one or more heterogeneous landscapes corresponding to the request is connected to a central IDM system, provisioning the entity in the one or more heterogeneous landscapes via the central IDM system; and
      
      closing the request after receiving status update from the request.
  - 11. The method of claim 6, wherein determining whether the one or more heterogeneous landscapes corresponding to the one or more sub-requests is connected to a central IDM system depends on a connector configuration defined in the request.

12. A computer system for consolidated identity management system provisioning to manage access across landscapes, comprising:
- a computer memory to store program code; and
  
  a processor to execute the program code to;
  
  receive a request to provision an entity in one or more heterogeneous landscapes, wherein the request includes one or more sub-requests;
  
  upon determining that the one or more heterogeneous landscapes corresponding to the one or more sub-requests are connected to a central identity management (IDM) system, provision the entity in the one or more heterogeneous landscapes via the central IDM system;
  
  upon determining that the one or more heterogeneous landscapes corresponding to the one or more sub-requests are not connected to the central IDM system, directly provision the entity in the one or more heterogeneous landscapes;
  
  upon determining that an IDM configuration supports immediate provisioning, receive a payload as a synchronous request for provisioning the entity, wherein the payload is built for representational state transfer (REST) application programming interface (API) call;
  
  upon determining that the IDM configuration does not support immediate provisioning, receive a payload as an asynchronous request for provisioning the entity, wherein the payload is built for representational state transfer (REST) application programming interface (API) call;
  
  upon determining that a response is not received from the central IDM system with a status of the one or more sub-requests, determine the status of the one or more sub-requests from the central IDM system;
  
  upon receiving a response from the central IDM system with the status of the one or more sub-requests, update the status in an audit log;
  
  update a workflow corresponding to provisioning the entity; and
  
  close the request after receiving status update from the individual one or more sub-requests.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The system of claim 12, further comprising:
    - receive a new request to provision the entity in one or more heterogeneous landscapes;
      
      upon determining that the one or more heterogeneous landscapes corresponding to the request is connected to a central IDM system, provision the entity in the one or more heterogeneous landscapes via the central IDM system; and
      
      close the request after receiving status update from the request.
  - 14. The system of claim 12, wherein determining whether the one or more heterogeneous landscapes corresponding to the one or more sub-requests are connected to a central IDM system depends on a connector configuration defined in the request.
  - 15. The system of claim 12, wherein determining the status of the one or more sub-requests at the central IDM system comprises determining the status of the one or more sub-requests at the central IDM system using a push pull mechanism at the central IDM system.
  - 16. The system of claim 15, wherein the push pull mechanism is performed as a background job at the central IDM system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP SE
Inventors
Garg, Neha, Puthadi, Suman Kumar
Primary Examiner(s)
Ho, Dao Q

Application Number

US15/949,600
Publication Number

US 20190312870A1
Time in Patent Office

784 Days
Field of Search
US Class Current
CPC Class Codes

G06F 9/547   Remote procedure calls [RPC...

G06Q 10/1053   Employment or hiring

G06Q 50/265   Personal security, identity...

H04L 63/10   for controlling access to d...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

Consolidated identity management system provisioning to manage access across landscapes

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

10 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Consolidated identity management system provisioning to manage access across landscapes

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links